Thread: [mod-security-users] Is 2.1.2 production ready?
From: Ian H. <li...@ho...> - 2007-08-27 03:25:09
Hi. I've just installed the 'stable' release on my dev server (which uses httpd-trunk/2.3 as a base), and am seeing segfaults without much effort when I try to run it with the ruleset which comes shipped with the tarball. Upon a cursory glance at the code it looks like you're trying to clear the pool twice. Maybe setting msc_rule_mptmp (re.c:1264) to NULL after you clear it will solve the issue? if (msr->msc_rule_mptmp == NULL) { if (apr_pool_create(&msr->msc_rule_mptmp, msr->mp) != APR_SUCCESS) { return -1; } mptmp = msr->msc_rule_mptmp; } else { mptmp = msr->msc_rule_mptmp; apr_pool_clear(mptmp); msr->msc_rule_mptmp = NULL; } --regards Ian Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_PROTECTION_FAILURE at address: 0x00000000 [Switching to process 1813 thread 0x1203] apr_pool_clear (pool=0x198c018) at memory/unix/apr_pools.c:354 354 next = node->next; (gdb) bt #0 apr_pool_clear (pool=0x198c018) at memory/unix/apr_pools.c:354 #1 0x0100f8bc in msre_rule_process (rule=0x1912600, msr=0x1985328) at re.c:1263 #2 0x0100fee6 in msre_ruleset_process_phase (ruleset=0x198a798, msr=0x1985328) at re.c:707 #3 0x0101f195 in modsecurity_process_phase (msr=0x1985328, phase=5) at modsecurity.c:381 #4 0x0100a975 in hook_log_transaction (r=0x1984050) at mod_security2.c:866 #5 0x00009d1f in ap_run_log_transaction (r=0x1984050) at protocol.c:1636 #6 0x00014d6f in eor_bucket_cleanup (data=0x1982400) at eor_bucket.c:35 #7 0x005e98f1 in run_cleanups (cref=0x1984028) at memory/unix/apr_pools.c:2082 #8 0x005ea26d in apr_pool_destroy (pool=0x1984018) at memory/unix/apr_pools.c:753 #9 0x0001539c in remove_empty_buckets (bb=0x1964198) at core_filters.c:628 #10 0x000156c1 in send_brigade_nonblocking (s=0x1963850, bb=0x1964198, bytes_written=0x1964140, c=0x1963bd0) at core_filters.c:617 #11 0x000157b7 in send_brigade_blocking (s=0x1963850, bb=0x1964198, bytes_written=0x1964140, c=0x1963bd0) at core_filters.c:641 #12 0x00015992 in ap_core_output_filter 
(f=0x19640d8, new_bb=0x19641c8) at core_filters.c:443 #13 0x00033218 in ap_process_request (r=0x1984050) at http_request.c:294 #14 0x0002fecb in ap_process_http_connection (c=0x1963bd0) at http_core.c:191 #15 0x0001d8cd in ap_run_process_connection (c=0x1963bd0) at connection.c:43 #16 0x0001dc2f in ap_process_connection (c=0x1963bd0, csd=0x1963850) at connection.c:178 #17 0x0004577f in worker_thread (thd=0x1922c68, dummy=0x1103890) at worker.c:542 #18 0x005f397b in dummy_worker (opaque=0x1922c68) at threadproc/unix/thread.c:142 #19 0x90024227 in _pthread_body () (gdb) $2 = { mp = 0x1988018, modsecurity = 0x18cf2a8, r_early = 0x1984050, r = 0x1984050, dcfg1 = 0x187aa38, dcfg2 = 0x187aa38, usercfg = 0x1988050, txcfg = 0x198a6b8, reqbody_should_exist = 0, reqbody_chunked = 0, phase = 5, phase_request_headers_complete = 0, phase_request_body_complete = 1, if_brigade = 0x0, if_status = 0, if_started_forwarding = 0, reqbody_length = 0, reqbody_status = 0, of_brigade = 0x198ba68, of_status = 2, of_done_reading = 1, of_skipping = 0, resbody_status = 4, resbody_length = 1488, resbody_data = 0x198e018 "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<?xml-stylesheet type=\"text/xsl\" href=\"/admin/tabular.xsl\"?>\n<response xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n xsi:noNamespaceSchemaLocation=\"http"..., resbody_contains_html = 0, error_messages = 0x1988950, alerts = 0x1988980, txid = 0x1985308 "nIyBK8CoAcgAAAcVAWIAAAAA", sessionid = 0x0, userid = 0x0, server_software = 0x1921078 "Apache/2.3.0-dev (Unix)", local_addr = 0x1964018 "::1", local_port = 8000, local_user = 0x0, remote_addr = 0x1964048 "::1", remote_port = 49244, remote_user = 0x0, request_line = 0x1984e48 "GET /select/?q=SELECT+*+from+bbarticle_snap&getnumfound=&version=1&start=0&rows=5 HTTP/1.1", request_method = 0x1984ea8 "GET", request_uri = 0x1984f50 "/select/", query_string = 0x1984f60 "q=SELECT+*+from+bbarticle_snap", request_protocol = 0x1984fa8 "HTTP/1.1", hostname = 0x19852d0 "localhost", 
request_headers = 0x198aca8, request_content_length = -1, request_content_type = 0x0, arguments = 0x1988c08, arguments_to_sanitise = 0x1989120, request_headers_to_sanitise = 0x19892f8, response_headers_to_sanitise = 0x19894d0, request_cookies = 0x19896a8, is_relevant = 0, tx_vars = 0x19898c0, response_status = 200, status_line = 0x51f24 "200 OK", response_protocol = 0x1026794 "HTTP/1.1", response_headers = 0x198e5f0, response_headers_sent = 1, bytes_sent = 493, msc_reqbody_storage = 1, msc_reqbody_spilltodisk = 1, msc_reqbody_read = 0, msc_reqbody_mp = 0x0, msc_reqbody_chunks = 0x0, msc_reqbody_length = 0, msc_reqbody_chunk_position = 0, msc_reqbody_chunk_offset = 0, msc_reqbody_chunk_current = 0x0, msc_reqbody_buffer = 0x0, msc_reqbody_filename = 0x0, msc_reqbody_fd = 0, msc_reqbody_disk_chunk = 0x0, msc_reqbody_processor = 0x0, msc_reqbody_error = 0, msc_reqbody_error_msg = 0x0, mpd = 0x0, xml = 0x0, new_auditlog_boundary = 0x0, new_auditlog_filename = 0x0, new_auditlog_fd = 0x0, new_auditlog_size = 0, new_auditlog_md5ctx = { state = {0, 0, 0, 0}, count = {0, 0}, buffer = '\0' <repeats 63 times>, xlate = 0x0 }, was_intercepted = 0, intercept_phase = 0, intercept_actionset = 0x0, intercept_message = 0x0, request_time = 1188183854055723, time_checkpoint_1 = 1188183854056171, time_checkpoint_2 = 1188183854058384, time_checkpoint_3 = 1188183854061661, matched_var = 0x198b650 "RESPONSE_STATUS", upload_extract_files = 0, upload_remove_files = 0, collections = 0x1989b58, collections_dirty = 0x1989cd0, msc_rule_mptmp = 0x198c018 } (gdb) print *msr->msc_rule_mptmp $3 = { parent = 0x0, child = 0x0, sibling = 0x0, ref = 0x0, cleanups = 0x357b, free_cleanups = 0x0, allocator = 0x0, subprocesses = 0x18a, abort_fn = 0x357b <main+3775>, user_data = 0x2f72, tag = 0x0, active = 0x0, self = 0x357b, self_first_avail = 0x0 } |
From: Ivan R. <iva...@gm...> - 2007-08-28 13:23:44
Hi Ian, First of all, thanks for your email. Did the change to the code fix the problem for you? The function apr_pool_clear is (according to the documentation, at least) a non-destructive operation. It clears the pool so that it can be reused. Setting msc_rule_mptmp to NULL would cause a new pool to be created for every rule, which is what we wanted to avoid. What version of the APR is your Apache installation using? On 8/27/07, Ian Holsman <li...@ho...> wrote: > Hi. > > I've just installed the 'stable' release on my dev server (which uses > httpd-trunk/2.3 as a base), and am seeing segfaults when I try to run it > with the ruleset which comes shipped with the tarball without much effort > > upon a cursory glance at the code it looks like your trying to do double > clear the pool. > > maybe setting the msc_rule_mptmp (re.c:1264) to NULL after you clear it > will solve the issue? > > if (msr->msc_rule_mptmp == NULL) { > if (apr_pool_create(&msr->msc_rule_mptmp, msr->mp) != APR_SUCCESS) { > return -1; > } > mptmp = msr->msc_rule_mptmp; > } > else { > mptmp = msr->msc_rule_mptmp; > apr_pool_clear(mptmp); > msr->msc_rule_mptmp = NULL > } > > > --regards > Ian > > Program received signal EXC_BAD_ACCESS, Could not access memory. 
> Reason: KERN_PROTECTION_FAILURE at address: 0x00000000 > [Switching to process 1813 thread 0x1203] > apr_pool_clear (pool=0x198c018) at memory/unix/apr_pools.c:354 > 354 next = node->next; > (gdb) bt > #0 apr_pool_clear (pool=0x198c018) at memory/unix/apr_pools.c:354 > #1 0x0100f8bc in msre_rule_process (rule=0x1912600, msr=0x1985328) at > re.c:1263 > #2 0x0100fee6 in msre_ruleset_process_phase (ruleset=0x198a798, > msr=0x1985328) at re.c:707 > #3 0x0101f195 in modsecurity_process_phase (msr=0x1985328, phase=5) at > modsecurity.c:381 > #4 0x0100a975 in hook_log_transaction (r=0x1984050) at mod_security2.c:866 > #5 0x00009d1f in ap_run_log_transaction (r=0x1984050) at protocol.c:1636 > #6 0x00014d6f in eor_bucket_cleanup (data=0x1982400) at eor_bucket.c:35 > #7 0x005e98f1 in run_cleanups (cref=0x1984028) at > memory/unix/apr_pools.c:2082 > #8 0x005ea26d in apr_pool_destroy (pool=0x1984018) at > memory/unix/apr_pools.c:753 > #9 0x0001539c in remove_empty_buckets (bb=0x1964198) at core_filters.c:628 > #10 0x000156c1 in send_brigade_nonblocking (s=0x1963850, bb=0x1964198, > bytes_written=0x1964140, c=0x1963bd0) at core_filters.c:617 > #11 0x000157b7 in send_brigade_blocking (s=0x1963850, bb=0x1964198, > bytes_written=0x1964140, c=0x1963bd0) at core_filters.c:641 > #12 0x00015992 in ap_core_output_filter (f=0x19640d8, new_bb=0x19641c8) > at core_filters.c:443 > #13 0x00033218 in ap_process_request (r=0x1984050) at http_request.c:294 > #14 0x0002fecb in ap_process_http_connection (c=0x1963bd0) at > http_core.c:191 > #15 0x0001d8cd in ap_run_process_connection (c=0x1963bd0) at connection.c:43 > #16 0x0001dc2f in ap_process_connection (c=0x1963bd0, csd=0x1963850) at > connection.c:178 > #17 0x0004577f in worker_thread (thd=0x1922c68, dummy=0x1103890) at > worker.c:542 > #18 0x005f397b in dummy_worker (opaque=0x1922c68) at > threadproc/unix/thread.c:142 > #19 0x90024227 in _pthread_body () > (gdb) > $2 = { > mp = 0x1988018, > modsecurity = 0x18cf2a8, > r_early = 
0x1984050, > r = 0x1984050, > dcfg1 = 0x187aa38, > dcfg2 = 0x187aa38, > usercfg = 0x1988050, > txcfg = 0x198a6b8, > reqbody_should_exist = 0, > reqbody_chunked = 0, > phase = 5, > phase_request_headers_complete = 0, > phase_request_body_complete = 1, > if_brigade = 0x0, > if_status = 0, > if_started_forwarding = 0, > reqbody_length = 0, > reqbody_status = 0, > of_brigade = 0x198ba68, > of_status = 2, > of_done_reading = 1, > of_skipping = 0, > resbody_status = 4, > resbody_length = 1488, > resbody_data = 0x198e018 "<?xml version=\"1.0\" > encoding=\"UTF-8\"?>\n<?xml-stylesheet type=\"text/xsl\" > href=\"/admin/tabular.xsl\"?>\n<response > xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n > xsi:noNamespaceSchemaLocation=\"http"..., > resbody_contains_html = 0, > error_messages = 0x1988950, > alerts = 0x1988980, > txid = 0x1985308 "nIyBK8CoAcgAAAcVAWIAAAAA", > sessionid = 0x0, > userid = 0x0, > server_software = 0x1921078 "Apache/2.3.0-dev (Unix)", > local_addr = 0x1964018 "::1", > local_port = 8000, > local_user = 0x0, > remote_addr = 0x1964048 "::1", > remote_port = 49244, > remote_user = 0x0, > request_line = 0x1984e48 "GET > /select/?q=SELECT+*+from+bbarticle_snap&getnumfound=&version=1&start=0&rows=5 > HTTP/1.1", > request_method = 0x1984ea8 "GET", > request_uri = 0x1984f50 "/select/", > query_string = 0x1984f60 "q=SELECT+*+from+bbarticle_snap", > request_protocol = 0x1984fa8 "HTTP/1.1", > hostname = 0x19852d0 "localhost", > request_headers = 0x198aca8, > request_content_length = -1, > request_content_type = 0x0, > arguments = 0x1988c08, > arguments_to_sanitise = 0x1989120, > request_headers_to_sanitise = 0x19892f8, > response_headers_to_sanitise = 0x19894d0, > request_cookies = 0x19896a8, > is_relevant = 0, > tx_vars = 0x19898c0, > response_status = 200, > status_line = 0x51f24 "200 OK", > response_protocol = 0x1026794 "HTTP/1.1", > response_headers = 0x198e5f0, > response_headers_sent = 1, > bytes_sent = 493, > msc_reqbody_storage = 1, > 
msc_reqbody_spilltodisk = 1, > msc_reqbody_read = 0, > msc_reqbody_mp = 0x0, > msc_reqbody_chunks = 0x0, > msc_reqbody_length = 0, > msc_reqbody_chunk_position = 0, > msc_reqbody_chunk_offset = 0, > msc_reqbody_chunk_current = 0x0, > msc_reqbody_buffer = 0x0, > msc_reqbody_filename = 0x0, > msc_reqbody_fd = 0, > msc_reqbody_disk_chunk = 0x0, > msc_reqbody_processor = 0x0, > msc_reqbody_error = 0, > msc_reqbody_error_msg = 0x0, > mpd = 0x0, > xml = 0x0, > new_auditlog_boundary = 0x0, > new_auditlog_filename = 0x0, > new_auditlog_fd = 0x0, > new_auditlog_size = 0, > new_auditlog_md5ctx = { > state = {0, 0, 0, 0}, > count = {0, 0}, > buffer = '\0' <repeats 63 times>, > xlate = 0x0 > }, > was_intercepted = 0, > intercept_phase = 0, > intercept_actionset = 0x0, > intercept_message = 0x0, > request_time = 1188183854055723, > time_checkpoint_1 = 1188183854056171, > time_checkpoint_2 = 1188183854058384, > time_checkpoint_3 = 1188183854061661, > matched_var = 0x198b650 "RESPONSE_STATUS", > upload_extract_files = 0, > upload_remove_files = 0, > collections = 0x1989b58, > collections_dirty = 0x1989cd0, > msc_rule_mptmp = 0x198c018 > } > (gdb) print *msr->msc_rule_mptmp > $3 = { > parent = 0x0, > child = 0x0, > sibling = 0x0, > ref = 0x0, > cleanups = 0x357b, > free_cleanups = 0x0, > allocator = 0x0, > subprocesses = 0x18a, > abort_fn = 0x357b <main+3775>, > user_data = 0x2f72, > tag = 0x0, > active = 0x0, > self = 0x357b, > self_first_avail = 0x0 > } > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > -- Ivan Ristic |